Manage Users in UAA
Create and manage users in UAA with the UAA Command Line Interface (UAAC).
To retrieve the UAA admin client secret, do the following:
- In a web browser, navigate to the fully qualified domain name (FQDN) of Ops Manager and click the Pivotal Container Service tile.
- Click Credentials.
- To view the UAA admin client password, click Uaa Admin Secret. The client username is
With this, you will be able to create a UAA user account.
To allow a user to access clusters in PKS, do the following using UAAC:
- Target your UAA server using uaac target https://UAA-URL:8443. Replace UAA-URL with the domain name you configured in the UAA pane of the PKS tile. For example:
  $ uaac target https://api.pks.example.com:8443
- Authenticate with UAA using the secret you retrieved in the previous section. Run the following command, replacing UAA-ADMIN-SECRET with your UAA admin secret:
  uaac token client get admin -s UAA-ADMIN-SECRET
- Create a user by running uaac user add USERNAME --emails USER-EMAIL -p USER-PASSWORD. For example:
  $ uaac user add alana --emails email@example.com -p password
- Assign a scope to the user to allow them to access Kubernetes clusters. Run uaac member add UAA-SCOPE USERNAME, replacing UAA-SCOPE with one of the following UAA scopes:
  - pks.clusters.admin: Users with this scope have full access to all clusters.
  - pks.clusters.manage: Users with this scope can only access clusters they create.
  $ uaac member add pks.clusters.admin alana
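The four steps above as one wrapper, added here as an example and not part of the original page or of PKS. The function names, DRY_RUN and the input checks are assumptions of this sketch; it relies on uaac prompting for a secret or password that is not given on the command line, and it defaults to pks.clusters.manage because pks.clusters.admin grants full access to all clusters.

```sh
# Added example, not from the original page. Function names, DRY_RUN and the
# input checks are assumptions of this sketch; the uaac commands and the two
# scope names are the ones the page lists.

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Accept only the two scopes the page documents.
valid_scope() {
  case "$1" in
    pks.clusters.admin|pks.clusters.manage) return 0 ;;
    *) return 1 ;;
  esac
}

# Conservative check (assumption): no empty value, no leading "-" that uaac
# could parse as an option, and only characters common in names and e-mails.
safe_word() {
  case "$1" in
    ''|-*|*[!A-Za-z0-9._@+-]*) return 1 ;;
    *) return 0 ;;
  esac
}

# provision_user UAA_URL USERNAME EMAIL [SCOPE]
# The body runs in a subshell "( )" so its variables do not leak to the caller.
provision_user() (
  url=$1 user=$2 email=$3 scope=${4:-pks.clusters.manage}  # least privilege by default
  case "$url" in
    https://*) ;;
    *) echo "UAA URL must use https" >&2; exit 2 ;;
  esac
  safe_word "$user"    || { echo "rejected username" >&2; exit 3; }
  safe_word "$email"   || { echo "rejected email" >&2; exit 3; }
  valid_scope "$scope" || { echo "unknown scope: $scope" >&2; exit 4; }
  # -s and -p are left out so uaac prompts for the admin secret and the new
  # password; neither value lands in shell history or the process list.
  run uaac target "$url" &&
  run uaac token client get admin &&
  run uaac user add "$user" --emails "$email" &&
  run uaac member add "$scope" "$user"
)
```

Source the file, then set DRY_RUN=1 and call provision_user to review the four commands before running them for real.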